Pulse Detail — Threat Intelligence

PULSE NAME

Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations

WHITE AlienVault 2022-08-05 Modified: 2022-08-05

IOCs

HIGH VOLUME

↓ CSV ↓ JSON

Researchers identified the ROADSWEEP ransomware family and a Telegram persona which targeted the Albanian government in a politically motivated disruptive operation ahead of an Iranian opposition organization’s conference in late July 2022.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1059 T1553 T1560 T1574 T1547 T1053 T1127 T1561 T1140 T1490 T1106 T1566 T1573 T1056 T1007 T1012 T1027 T1033 T1055 T1057 T1070 T1082 T1083 T1087 T1112 T1113 T1134 T1489 T1497 T1518 T1543 T1569

MALWARE FAMILIES

ROADSWEEP CHIMNEYSWEEP

Indicators of Compromise (19 / 51 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL YARA domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	19068e8228b6b8f5528489fa70779b2b	—	2022-08-05
FileHash-MD5	23643b7bd48a200889a4613a0e0a86e4	—	2022-08-05
FileHash-MD5	3633b3d69060a5882656b69f81655f0a	—	2022-08-05
FileHash-MD5	38e0fa41e9519d4783766992c203e794	—	2022-08-05
FileHash-MD5	3a1033cb1eb06c2cd5e91c539cf8a519	—	2022-08-05
FileHash-MD5	44d1c75815724523a58b566d95378825	—	2022-08-05
FileHash-MD5	49d72f9212d5653f5be9f764d8c9df24	—	2022-08-05
FileHash-MD5	5cc183702fae8cc23a55037c1efab5e5	—	2022-08-05
FileHash-MD5	779940f675ff4ab4e8cab7a1b7cf5d3c	—	2022-08-05
FileHash-MD5	77a369e5e49e7e62d8eef2c00cd02950	—	2022-08-05
FileHash-MD5	7a77c2930f0457ed2dd622e9739c7d3d	—	2022-08-05
FileHash-MD5	7b71764236f244ae971742ee1bc6b098	—	2022-08-05
FileHash-MD5	7f6db4493c6a76eb44534306291ea85f	—	2022-08-05
FileHash-MD5	8c8bbe3a4a23cd4cc96c12af5fb1199b	—	2022-08-05
FileHash-MD5	92c61e3047297136701c25deb658b35a	—	2022-08-05
FileHash-MD5	9c09d147dfbc98d5e6e051fe1ed0033d	—	2022-08-05
FileHash-MD5	bbe983dba3bf319621b447618548b740	—	2022-08-05
FileHash-MD5	df9ab47726001883b5fcf58b56b34b41	—	2022-08-05
FileHash-MD5	f3c977830bf616b9061d7aee5ce0b2f2	—	2022-08-05

References (1)

↗ https://www.mandiant.com/resources/likely-iranian-threat-actor-conducts-politically-motivated-disruptive-activity-against